This course provides tradecraft training along the intelligence lifecycle including collection methods, techniques, planning, PIRs, and collection tools and targeting. Intelligence production methods and process flows are covered as well as evidence credibility, reliability, denial and deception, and confidence levels.

Students are required to demonstrate understanding and use structured analytic techniques as well as various types of analysis including synthesis and fusion of data and information into actionable intelligence. The class covers methods of adapting TTPs and IoCs for hunt and detect and interfaces to incident response.

The course includes case studies covering adversary campaign research and analysis, historical trending, and passive adversary collection. Students will be instructed in applying analytic techniques, when and how to use analytic techniques and analytic types. Students are presented several case studies for analysis, required to use tradecraft methods, and provide written reports in standard analytic format will dissemination the reports to stakeholders.

5 day instructor led in person (NOTE: the NICCS site may not be up-to-date)

Framework Connections

The materials within this course focus on the Knowledge Skills and Abilities (KSAs) identified within the Specialty Areas listed below. Click to view Specialty Area details within the interactive National Cybersecurity Workforce Framework.